[00:03.700 --> 00:10.200]  Hey! Hey, so this is Kathleen. We're back at the Career Hacking Village,
[00:10.200 --> 00:17.680]  and I'm so excited to invite my friend Chris Rice to talk about resumes, because Chris and I have
[00:17.680 --> 00:23.920]  done resume reviewing for the last six or seven years at several of the Las Vegas cons, and we
[00:23.920 --> 00:32.500]  can tell you that resumes really are, one, very important to finding your next job, but two,
[00:32.500 --> 00:38.440]  they can be really screwed up if you don't do them right, and three, people will tell you
[00:39.360 --> 00:45.860]  to pay someone to do your resume when they really shouldn't. So I'm going to turn it over to my
[00:45.860 --> 00:52.540]  friend Chris Rice, and he's going to talk to you about doing your resume. Chris, take it away.
[00:52.580 --> 00:59.220]  Thank you so much, Kathleen. So I'm still getting used to presenting over video. It's
[00:59.220 --> 01:05.280]  kind of one of those... I prefer talks in person, because I like a little bit of audience interaction,
[01:05.280 --> 01:10.740]  and that way I can usually see if my terrible jokes are, like, getting a laugh, or like normal,
[01:10.740 --> 01:16.300]  you know, just falling a bit flat. It's a good reminder of why I ended up in recruitment and
[01:16.300 --> 01:23.520]  not in comedy. So let's talk about my... my talk's going to be called Owning Your Resume.
[01:24.800 --> 01:30.860]  I'll tell you a little bit about me, first of all. So I've been for a bloody long time now in
[01:30.860 --> 01:36.900]  tech recruitment, and the last eight years have been dedicated specifically to cybersecurity
[01:36.900 --> 01:44.280]  recruitment. Eight years ago, I co-founded Tyro Security, which is a cybersecurity staffing and
[01:44.280 --> 01:50.080]  professional services company based out of Los Angeles, and covering really the whole of the US.
[01:50.600 --> 01:57.460]  I also co-founded a company called Commute.io, which we were looking to launch properly Q2 this
[01:57.460 --> 02:05.020]  year. Much like jokes are all about timing, start-ups often are as well. Commute was focused
[02:05.020 --> 02:11.720]  on retaining your staff, and doing that by looking at the horrible commutes that people had, and how
[02:11.720 --> 02:18.080]  that affected their happiness. Clearly, while we're in this... this time where we're in the
[02:18.080 --> 02:22.980]  crazy experiment of COVID, where everybody's working from home, and we're kind of figuring
[02:22.980 --> 02:26.620]  that out, commutes aren't much of an issue right now. So who knows what's going to happen with that
[02:26.620 --> 02:32.680]  one. Now, I'm also founding board member and president of the Cloud Security Alliance Southern
[02:32.680 --> 02:39.120]  California chapter, and I'm an advisory board member for the National Cybersecurity Training
[02:39.120 --> 02:46.700]  and Education Center. And just a little bit about me, I absolutely love diving with sharks.
[02:47.600 --> 02:53.220]  Don't get to do it much anymore. I've got a little daughter, wife thinks it's too dangerous.
[02:54.240 --> 02:59.660]  Yep, this is one of my pictures. And I was hanging out, I wasn't a cage, don't worry,
[02:59.660 --> 03:05.380]  but I was actually hanging out of the cage with my camera like this. So I guess there's an element
[03:05.380 --> 03:10.320]  of danger, that's probably why I enjoy doing it. But anyway, I'm on a band now, wife says I can't
[03:10.320 --> 03:16.780]  do this anymore. But I am allowed to go to cybersecurity conferences. And the great thing
[03:16.780 --> 03:23.040]  about that is there must be some cybersecurity people that are scuba divers, right? So if you
[03:23.040 --> 03:27.900]  are, you need to connect with me on LinkedIn, we need to organize a conference that's on a scuba
[03:27.900 --> 03:34.200]  diving boat, because I'm sure I can get the approval for that. So let's combine the two.
[03:34.200 --> 03:41.740]  Totally up for that. Right, so what am I talking about? So I'm going to be talking about writing
[03:41.740 --> 03:49.480]  the actual best resume for you. We're going to look at avoiding common mistakes. We're also
[03:49.480 --> 03:57.000]  going to look at what most hiring managers want to read. And I say most because every person is
[03:57.000 --> 04:02.200]  different. We've got to work for the majority and we've got to put together a resume that works for
[04:02.200 --> 04:06.720]  the majority. And that's where my experience comes in. And hopefully this is what's going to
[04:06.720 --> 04:10.980]  come out of this. And then it's going to be talking about getting your resume in front of the right
[04:10.980 --> 04:15.440]  person. It's no good having an amazing resume unless you're actually having the right person
[04:15.440 --> 04:28.620]  read it. What the talk's not about. Resumes, are they outdated? Well, probably. We must be able to
[04:28.620 --> 04:32.800]  come up with something better than a piece of paper with this information on. But we haven't
[04:32.800 --> 04:38.800]  got anything yet. Nothing that at least is accepted globally and can do everything that these
[04:38.800 --> 04:46.160]  documents do while also minimising any potential bias. So, you know, we're still figuring that out.
[04:46.160 --> 04:51.340]  LinkedIn and things like that. Who knows? Maybe they will end up taking over from resumes. But
[04:51.340 --> 04:56.420]  right now, resumes are what we've got. We need to make the most of them. And the other thing we're
[04:56.420 --> 05:02.780]  not going to cover is something I call keyword tricks. Keyword tricks are things like hidden
[05:03.460 --> 05:10.120]  words, huge skills matrices. You know, when you write these things all out in white font or in
[05:10.120 --> 05:16.320]  tiny fonts that aren't really readable by a person, but are aimed to be picked up by systems,
[05:16.320 --> 05:23.180]  you only need these things if you're planning to send those resumes into those systems. And
[05:24.120 --> 05:28.340]  that shouldn't be your goal. And I don't want that to be what comes out of this talk.
[05:28.500 --> 05:31.660]  I'm a firm believer you want to get your resume in front of the right person,
[05:31.660 --> 05:35.320]  not into the right system. So we're not going to be covering this.
[05:38.660 --> 05:45.380]  So my goals by the end of this talk, the plan is that you will understand why resumes are still
[05:46.080 --> 05:53.140]  very, very important. You can understand what the common mistakes are, how we go about avoiding
[05:53.140 --> 06:01.140]  them. Also, the relationship between your social media and your resume and the actual job search
[06:01.140 --> 06:06.340]  you're doing. And then the final part, as soon as we're going to come up with an amazing resume for
[06:06.340 --> 06:12.160]  you, we're going to want to make sure we maximise what we do with that and maximise the opportunities
[06:12.160 --> 06:23.580]  that you can get. So CV or resume. You can probably tell by the accent, I'm not originally
[06:23.580 --> 06:29.000]  from the US. And the great thing about DEF CON is, you know, when I've been for the last few years,
[06:29.000 --> 06:35.120]  you meet so many people from all over the world. I'm originally from London. I spent half my career
[06:35.120 --> 06:41.680]  in recruitment, actually recruiting for Europe. And in Europe, we use Curriculum Vitae or CV,
[06:41.680 --> 06:47.360]  which is Latin for course of life. And that's how we refer to it there. Not course of life,
[06:47.360 --> 06:52.900]  of course, we call it CV. And then the other half of my recruiting experience has been over here in
[06:52.900 --> 07:01.720]  the US, where we use resume, which is French to summarise. Now, there are a lot of articles that
[07:01.720 --> 07:07.580]  I've read on the web, and it talks about the differences between having a CV or having a
[07:07.580 --> 07:14.180]  resume. It talks about the length or maybe content. But it's the same thing. It's the same
[07:14.180 --> 07:23.060]  thing, right? It's a concise written history of your work in life. And it's designed to get you
[07:23.060 --> 07:26.880]  an interview. It's not designed to get you a job, it's designed to get you that interview.
[07:27.760 --> 07:33.540]  Now, I've been hands off for a while now, I don't do a lot of hands on recruiting.
[07:33.540 --> 07:41.260]  And I'm still seeing probably 10 resumes a day. When I was recruiting, 60 a day wouldn't be
[07:41.260 --> 07:46.620]  unheard of. And if I work back and think about how long I've been doing this for,
[07:46.620 --> 07:53.940]  even with half of it being in Europe with, of course, the famous European vacation time we get,
[07:53.940 --> 07:59.220]  which I definitely made use of, I'd still estimate that I saw over 200,000 resumes
[08:00.300 --> 08:06.520]  in my time within the recruitment industry. And almost all of that was the tech area. So
[08:06.520 --> 08:11.660]  I've seen a lot of resumes, and that's what I'm building this information on off of.
[08:14.260 --> 08:21.040]  So resumes are still very much important. You need to look at your resume. And some people
[08:21.040 --> 08:26.880]  get frustrated when they think about resumes. Oh, I've still got to do this. They can just look at
[08:26.880 --> 08:33.400]  my LinkedIn. Resumes are still very, very important. Just as communication skills are
[08:33.400 --> 08:39.580]  important in every job that you go for, they will expect and want good communication skills.
[08:39.580 --> 08:45.340]  And your resume, you've got to think of your resume as a test, if anything. Your resume is
[08:45.340 --> 08:53.260]  there to show hiring management, recruiters, everybody in that process, how you would
[08:53.260 --> 08:58.780]  communicate in writing. So you've got to bear that in mind. When you're doing this,
[08:58.780 --> 09:03.720]  when you're looking at resumes and you're putting them together, this is a test.
[09:03.820 --> 09:10.680]  You want to do your absolute best in this test. And hopefully this presentation and talk is going
[09:10.680 --> 09:16.720]  to help you do some of this. And just remember this document is there to get you the interview.
[09:16.720 --> 09:22.260]  And once it's got you the interview, it's going to form a major part of your actual interview
[09:22.260 --> 09:27.540]  process. So let's make sure you got it right. Let's make sure it's something that you know
[09:27.540 --> 09:38.130]  really well and then you can use. So owning your resume. Your resume represents you.
[09:38.970 --> 09:46.850]  This is supposed to be you, right? You should be the one that is putting your resume together.
[09:46.890 --> 09:53.950]  It represents you, it represents your career history. You must write it. Can you take a look
[09:53.950 --> 09:58.050]  at others? Of course you can. Who else do you know in the industry? Let's have a look at their
[09:58.050 --> 10:03.770]  resume. Will they share them with you? Could you use other people's in a template? Of course you
[10:03.770 --> 10:10.050]  could. You know, if you want to do that, great. No problem with that. Use a second set of eyes.
[10:10.050 --> 10:16.870]  You know people that are in the industry or recruiters or whoever it may be. Get them to
[10:16.870 --> 10:21.050]  take another look at your resume and give you feedback on it. You've got friends, you've got
[10:21.050 --> 10:26.790]  contacts. Do that. Just don't pay for somebody to do this. Please, please, please, please, please do
[10:26.790 --> 10:34.430]  not pay for somebody to do this. And I'm probably really annoying a lot of people that maybe do
[10:34.430 --> 10:44.690]  resume writing as a career. I'm sorry. I'm sorry. I'm not really that sorry, honestly.
[10:44.690 --> 10:52.090]  That professional resume writers, I think I know one professional resume writer that actually
[10:52.090 --> 10:58.210]  works within the cyber security industry and has cyber security experience. One,
[10:58.210 --> 11:05.050]  one. I think I know 15,000 contacts on LinkedIn, well over 15,000 now. I still only know one,
[11:05.050 --> 11:12.070]  right? And your resume is very, very much industry specific. Different resumes are
[11:12.070 --> 11:19.190]  needed for different industries. And so the cyber security industry has its own requirements. So
[11:19.190 --> 11:24.910]  having a generic resume written by somebody that writes resumes for every industry isn't going to
[11:24.910 --> 11:32.070]  be that good for you. And I've looked at a lot of these and I can tell you much of the time when
[11:32.070 --> 11:36.850]  we are asking for changes and we have somebody say, well, but I paid somebody to do this.
[11:36.850 --> 11:42.590]  They still need changes in them because they're not set up for what a cyber security resume should
[11:42.590 --> 11:48.350]  look like. And so you could pay quite a lot of money for that to be done. So I'm just going to
[11:48.350 --> 11:55.950]  say, save your money, spend it on something that would help your career, whether that's expanding
[11:55.950 --> 12:01.990]  your knowledge, a training course, whether that's buying a new tool that you can play with at home,
[12:02.630 --> 12:10.430]  or whether that's even getting a certification, just don't pay somebody else to write your
[12:10.430 --> 12:15.630]  resume. Don't do that, please. Sorry, resume reviewers, but don't do it. Don't do it,
[12:15.630 --> 12:21.130]  resume writers. Anyway, right. Dress for the occasion is what I call this. You want your
[12:21.130 --> 12:28.410]  resume to fit the occasion. And so you're going to have multiple resumes. What we're going to
[12:28.410 --> 12:35.590]  mainly focus on is your generic resume. So your generic resume is the one that you're going to
[12:35.590 --> 12:41.750]  base your specific resumes from. So you've got to get this one right, first of all.
[12:41.750 --> 12:48.970]  If you're one of those people who like to take a printed copy to job fairs, and I gather there are
[12:48.970 --> 12:53.990]  still people that like to do that, especially because people don't want to send documents
[12:53.990 --> 12:58.430]  that could, you know, especially within cyber security, sending documents to different people
[12:58.430 --> 13:02.530]  or letting people loose on your computer might understand that. So if you're somebody who wants
[13:02.530 --> 13:08.030]  to take a printed copy with you, this is the one you're going to use.
[13:08.450 --> 13:15.150]  This one is going to be more tailored towards the type of job that you're most likely to be
[13:15.150 --> 13:23.270]  applying for. This one's going to talk about projects, experience that you've got that's
[13:23.270 --> 13:28.950]  broad. It's not going to go into so much the specifics. It's going to give people a general
[13:28.950 --> 13:36.530]  understanding of who you are and the experience that you've got. And you're going to use that
[13:36.530 --> 13:42.190]  for certain things you will use that for. The specific resume is the one that you're going to
[13:42.190 --> 13:47.610]  actually use and write for job description, specific job description. You know, you've got
[13:47.610 --> 13:52.750]  the job description there. You're going to take your generic resume. You're going to really,
[13:52.750 --> 13:57.230]  really read that job description, or even better, if you know somebody that works there,
[13:57.230 --> 14:05.590]  or you even may know the hiring manager, speak to them, get more information out of what they're
[14:05.590 --> 14:12.410]  truly looking for, and then make sure that's in your specific resume. I did this at my last
[14:12.410 --> 14:17.510]  position, and I know you're looking to do the same project, right? Make sure that's in there.
[14:17.510 --> 14:25.470]  And you've got to make sure that that relevant experience relates to the job you're applying for.
[14:26.410 --> 14:31.430]  The most relevant skills are in there. The most relevant tools are in there. Your most
[14:31.430 --> 14:37.690]  relevant projects are in there. They're all ready for that particular job, and you're going to want
[14:37.690 --> 14:42.510]  to detail that in your specific resume. So you might end up with quite a few specific resumes.
[14:43.270 --> 14:49.790]  Totally normal. It's important. It does take time. But this resume is the one that will
[14:49.790 --> 14:53.970]  get you the job, and it's the one that will create the conversation during your interview.
[14:54.110 --> 15:01.350]  So take time. It's worth it. All right, common mistakes. Oh, boy.
[15:02.510 --> 15:10.290]  Let's start off with resume length. Now, I'm talking very much about... I said this earlier
[15:10.290 --> 15:17.930]  in the presentation. We're talking about generically what most managers want to see.
[15:20.350 --> 15:26.710]  Some managers out there may well like to see a long, detailed resume, but on the whole,
[15:26.710 --> 15:31.650]  most do not. And so we're going to work for the most. We're going to put together a generic
[15:31.650 --> 15:39.270]  resume that works for the most. And so talking about resume length, your resume is a clear,
[15:39.270 --> 15:44.310]  concise example of your written communication skills.
[15:45.090 --> 15:51.530]  So unless you just graduated and have very little work experience,
[15:52.350 --> 15:57.190]  I can't see how you will get it to one page. And the ones that I have seen that are one-page
[15:57.190 --> 16:04.150]  resumes, they're usually missing key information, and they're usually written in a really small font
[16:04.150 --> 16:10.410]  that just makes it awkward to read. It's not good. It's not what you would do in a report that you
[16:10.410 --> 16:17.650]  would be writing. So skip the one-page one unless you've just graduated. Ideal resume length,
[16:17.650 --> 16:25.810]  two to three pages. Once you get to four pages, you're kind of pushing it. And anything more than
[16:25.810 --> 16:32.770]  that, you're going to lose your audience. I'll tell you a story, and I wrote a blog about this,
[16:32.770 --> 16:41.110]  but I had a resume sent across to us, and I opened it up. It was 55 pages. 55-page resume. Wow.
[16:43.210 --> 16:48.870]  I don't know whether to write a resume or a novel. It was insane. So I actually spoke to the person,
[16:48.870 --> 16:56.170]  and you have to be pretty tactile because this is somebody's experience, and they obviously feel
[16:56.170 --> 17:00.330]  passionate about the experience they've got, and they feel passionate enough to write a 55-page
[17:00.330 --> 17:06.350]  resume. So I did say to the person, have you got another resume that you also use? Because
[17:06.890 --> 17:11.370]  some people have a couple of generic resumes. Some people will have a two- or three-page
[17:11.370 --> 17:15.490]  generic resume, and then they might have something, a longer one, in case they get
[17:15.490 --> 17:20.690]  asked and you've got something that goes into more detail. So I asked that question,
[17:21.870 --> 17:27.770]  and got an email back, excitedly opened up the resume. That's an amazing experience.
[17:27.770 --> 17:35.790]  Opened up the resume, 70 pages. Yep, turns out the 55-page resume was their short one.
[17:35.990 --> 17:40.990]  So look, I know you're passionate about your experience. I know you want to work for companies
[17:40.990 --> 17:46.590]  that are also passionate about your experience, but you need to be able to write clear and concise
[17:46.590 --> 17:54.130]  documents for most jobs that you go for. And so if you can't get it down to that, and we'll talk
[17:54.270 --> 17:59.930]  a bit about how you might be able to do that, but if you can't get it down to that length,
[17:59.930 --> 18:04.030]  you've got to look at your ability and what kind of information you're putting in there.
[18:04.050 --> 18:07.770]  So look, work on it. Get your resume down. Two or three pages is ideal.
[18:08.730 --> 18:11.150]  So the other thing we're going to talk about is formatting errors.
[18:12.230 --> 18:18.330]  Choose your font and stick to it. Same font throughout the whole document. Don't do multiple
[18:18.330 --> 18:24.110]  fonts. Be careful when you cut and paste things, maybe from one resume to another or from your
[18:24.110 --> 18:27.910]  LinkedIn, you might find that you actually end up putting in a different font and you didn't know
[18:27.910 --> 18:32.650]  that. So regularly check that you've got the same font throughout the whole lot.
[18:32.990 --> 18:41.550]  And generally, probably the same size font as well. You might have titles in a slightly
[18:41.550 --> 18:46.630]  bigger font, I suppose, but you've got to keep whatever you do, do the format the same right
[18:46.630 --> 18:53.690]  the way through. So if you have a description of where you worked, how long you worked there,
[18:53.690 --> 18:58.170]  your job title, and then underneath, you've got bullet points of the things you did.
[18:58.770 --> 19:03.330]  Every job should be done the same way, not bullet points on one and no bullet points
[19:03.330 --> 19:07.390]  for another or square bullet points on one and round bullet points on another.
[19:07.950 --> 19:13.870]  You want to make sure that you've got all of these things laid out so that the format reads
[19:13.870 --> 19:19.070]  and there's nothing distracting them, basically. And be really careful about where you use
[19:19.070 --> 19:26.110]  your bolding. Some places, if you bold every company you work for, and then the date,
[19:26.110 --> 19:29.770]  and then the date isn't bold, you know, if it's the same all the way through,
[19:29.770 --> 19:34.850]  and it's used sparingly, it can look good. If you're bolding lots of words and you're
[19:34.850 --> 19:39.030]  sending them to different jobs, and sometimes those skills don't apply to those jobs, it's
[19:39.030 --> 19:43.170]  going to look a mess. First off, and it's often not going to apply. And somebody's going to be
[19:43.170 --> 19:48.030]  looking and saying, why are they even bolding those words? They don't apply to this job.
[19:48.030 --> 19:56.310]  So just be really careful and use it sparingly. Spelling and grammar mistakes.
[19:58.090 --> 20:05.110]  I always get a bit, but why are these still happening? We have tools, you know, Microsoft
[20:05.790 --> 20:11.270]  has tools for you. If you're using the Microsoft suite, it picks up your spellings. You get a
[20:11.270 --> 20:16.330]  little red squiggly line underneath. It tells you that it picks up your grammar mistakes.
[20:16.330 --> 20:20.730]  It tells you to check them. And this page had quite a lot of squiggly lines on it, I can tell
[20:20.730 --> 20:31.410]  you. Use those, read through them, and that should be your first point. And you'd be so surprised,
[20:31.410 --> 20:39.590]  probably three quarters, I would say, of the resumes we see have still got spelling and
[20:39.590 --> 20:45.590]  grammar mistakes in them. And so it's such an easy one to avoid. So make sure you're using
[20:45.590 --> 20:51.390]  the word processing systems or whatever software you've got to pick up on that.
[20:51.830 --> 20:58.410]  And I get that not everybody's great with spelling and grammar. I may well be from England,
[20:58.410 --> 21:05.430]  but actually I'm pretty shit at it. It's not a skill of mine. And so I ask friends, I ask other
[21:05.430 --> 21:10.850]  people to read over. In fact, even this presentation, I asked one of my colleagues to have a
[21:10.850 --> 21:15.590]  look through it and point out stuff. And I made some formatting mistakes. Thankfully,
[21:15.590 --> 21:21.310]  the spelling and grammar mistakes were only the ones I meant to make. But I did make some mistakes
[21:21.310 --> 21:26.930]  in it. So look, get somebody else to look at it. Now these next couple of things, they kind of do
[21:26.930 --> 21:36.190]  merge a little bit in together. So missing specific employment dates. We will see resumes that are
[21:36.190 --> 21:46.450]  sent to us that will say 2018 to 2019. I mean, when? I mean, is that a two-month job? Did you
[21:46.450 --> 21:51.650]  start in December and finish in January? Or is that a two-year job? Did you start in January
[21:51.650 --> 21:58.670]  and finish in December? You need to be specific with your employment dates. And I'll talk about
[21:58.670 --> 22:04.270]  why, because as we roll into sort of leaving employment gaps, everybody at some point may
[22:04.270 --> 22:10.090]  well have an employment gap. Maybe you were out of work and you were looking. Maybe you took the
[22:10.090 --> 22:15.570]  time off to do some certifications. Maybe you travelled. Maybe you looked after a loved one.
[22:15.910 --> 22:22.810]  Maybe you had a baby. Who knows? People have good reasons for having gaps in their employment.
[22:24.050 --> 22:28.750]  And you should embrace that. That gap in your employment, put what you were doing,
[22:28.750 --> 22:32.630]  put it down there on your resume. And the reason why I say that is because
[22:33.790 --> 22:38.790]  you will want to cause... when people are reading your resume, you don't want them having doubts.
[22:38.790 --> 22:44.130]  You don't want them making lists of, okay, I must ask them about those employment dates. I must ask
[22:44.130 --> 22:48.270]  them what they were doing between that time and that time. You don't want them asking you that.
[22:48.270 --> 22:52.970]  You don't want them... because if you have more doubts than the resume next to them, you might
[22:52.970 --> 22:57.210]  just never get a chance to talk to them about it. Maybe they'll take these resumes and they'll never
[22:57.210 --> 23:05.950]  get to that pile of resumes. So get rid of the doubts. Make sure that they can focus just on
[23:06.490 --> 23:11.790]  what your resume has in it, the information and stuff that's applicable. That's why this is so
[23:11.790 --> 23:18.170]  important. And then irrelevant information. I'll give you a few examples. This is going to really
[23:18.170 --> 23:30.630]  help you with your resume length. So nobody, at least nobody I know, wants to know lots of detail
[23:30.630 --> 23:38.070]  about a three-month job that you had 15 years ago. Just probably not applicable, right? Just
[23:38.070 --> 23:45.370]  not applicable. So anything you've done even 10 years ago, and some people I've seen even go up
[23:45.370 --> 23:52.110]  to sort of seven, eight years, but certainly 10 years ago. If it's 10 years ago, it doesn't need
[23:52.110 --> 23:57.790]  to have any detail. I think if it's 10 years ago, you need to have the company you work for,
[23:57.790 --> 24:04.310]  the specific employment date you work for them, and the job title. That's it. A few of you now
[24:04.310 --> 24:07.850]  are looking at really long resumes and thinking, wow, I can just get rid of half of it. That's
[24:07.850 --> 24:14.450]  perfect. Thank you, Chris. So that's what you're going to look to do. If they want to find out
[24:14.450 --> 24:19.210]  more information about those jobs, they'll ask during the interview. They're not going to, that's
[24:19.210 --> 24:22.890]  not going to stop you from getting an interview. It's going to be something they'll ask you about,
[24:22.890 --> 24:27.690]  especially if it's very applicable to the job, or at least the job title is applicable.
[24:28.050 --> 24:34.270]  So just bear that in mind. Likewise, and this is kind of a little bit of a bugbear of mine.
[24:35.250 --> 24:42.370]  Under certifications, a lot of people will have not only certifications they've got,
[24:42.370 --> 24:47.350]  certifications that they've let run out. So they don't have, they no longer have them.
[24:47.350 --> 24:54.850]  And then also certifications that they haven't even got yet. CISSP-studying. I've seen it so
[24:54.850 --> 25:01.750]  many times. And that's a bugbear for me because you forget, we have old resumes of people when
[25:01.750 --> 25:07.350]  they apply for jobs. I can see that for two years, you've been studying for your CISSP
[25:07.350 --> 25:12.370]  because on your last resume, the last time you were looking, it says it. So honestly,
[25:12.370 --> 25:17.870]  it's bullshit. I'm going to mince my words, right? It's bullshit. You're not still studying for it.
[25:17.870 --> 25:24.990]  So take it off. Or if you're truly about to do the test, right? If you know, September,
[25:24.990 --> 25:30.230]  I've got my test book, September, 2020, I've got my test book, then put it CISSP
[25:30.230 --> 25:37.510]  test book for September, 2020, put the year, right? But other than that, take it off. People
[25:37.510 --> 25:41.710]  will ask you, like when you've got stuff on there, people will ask you about it. And then,
[25:41.710 --> 25:47.050]  you know, you've got an M&R and you might have to, you know, blur the truth a little bit. And
[25:47.050 --> 25:53.210]  they can tell, they can tell this stuff. So don't put it on there. Other thing is we don't need a
[25:53.210 --> 25:57.990]  load of degree, a load of information about what you studied your degree in if it was 10 years ago.
[25:58.650 --> 26:02.510]  And don't bother people putting graduation dates, right? You don't want anybody to date you or to
[26:02.510 --> 26:09.190]  age you. You don't need to put dates of education in there. You can put what you studied, you put
[26:09.190 --> 26:13.950]  what your major is, you can put your GPA, that's it. Don't go into detail. Now, there's a caveat
[26:13.950 --> 26:19.990]  to that. And the caveat is that if you're a recent graduate, you don't have a lot of experience,
[26:20.910 --> 26:26.890]  then you may want to put into a little bit more detail as to what you did as part of that study.
[26:26.890 --> 26:32.890]  But that's the only reason you should do that. And then the last thing about your resume is
[26:33.990 --> 26:37.550]  this is going to be read by multiple people in a company.
[26:38.790 --> 26:43.550]  Some of those people are going to be technical, and some of those are going to be non-technical.
[26:44.330 --> 26:49.870]  And they're going to judge your written communication on this resume. And if you do
[26:49.870 --> 26:54.910]  really, really well, this is probably going to be, you know, in front of management directors,
[26:54.910 --> 26:59.430]  maybe even execs, depending on the position you're vying for. And you've got to write a
[26:59.430 --> 27:04.970]  resume that speaks to all of those different people. In my experience, if you're going for
[27:04.970 --> 27:11.070]  a technical job, you will end up having some kind of technical test. So you don't need to worry
[27:11.870 --> 27:16.010]  too much about making it overly technical. As long as they've got an idea of what you did,
[27:16.010 --> 27:20.070]  what projects that you've done, they're going to ask you about it. Make it something that works
[27:20.070 --> 27:27.710]  for all different levels of people. Because, you know, if you're writing a pen test report
[27:27.710 --> 27:34.710]  or a risk assessment, they want somebody that's able to write something that speaks to different
[27:34.710 --> 27:42.770]  people, different levels of people. And so let's not make it overly technical. You don't want a
[27:42.770 --> 27:47.870]  non-technical person to get lost in it and just put it down, right? Reminder, they will check your
[27:47.870 --> 27:55.130]  technical skills. I'm going to leave this one up here. Dishonesty. Let me take a drink of water
[27:55.130 --> 28:07.270]  while you just look at this slide. Don't be dishonest, please. It always comes out. I've
[28:07.270 --> 28:11.790]  seen it come out during interview. I've seen it just during people sending their resumes. I've
[28:11.790 --> 28:17.150]  seen it during the interview process. It's really awkward. I've seen it come out after people have
[28:17.150 --> 28:25.330]  been offered jobs and I've seen jobs retracted. I've seen it come out after people have got jobs
[28:25.330 --> 28:33.590]  and I have seen people fired. Just don't do it. There's no reason. This should be your honest
[28:34.570 --> 28:39.470]  career experience. Be proud of what you have done. Don't make up things you haven't done. It will
[28:39.470 --> 28:52.370]  come up and it will bite you in the arse. So social media. You guys generally are pretty savvy
[28:52.930 --> 29:00.510]  and I put a big buck here because for eight years I've been doing this and I still see
[29:00.510 --> 29:09.670]  cyber security people not thinking about how their social media impacts their job search.
[29:09.670 --> 29:16.190]  I've seen public tweets, old public tweets, that people probably don't feel that way anymore
[29:16.990 --> 29:21.510]  come and stop people getting jobs. Certainly stop people getting interviews.
[29:24.090 --> 29:30.250]  There's two ways to work it. Keep it private and I think a lot of cyber security people probably
[29:30.250 --> 29:35.690]  understand that. You can have a couple of different social media. If you want to have a
[29:35.690 --> 29:41.070]  private and a public one and have it separated like that, you can absolutely do that.
[29:41.350 --> 29:46.070]  Or, of course, you can be at the point of, look, I don't give a shit. This is me.
[29:46.210 --> 29:50.870]  If you're going to hire me, this is what I feel. And I see a lot of people do that and that's great
[29:50.870 --> 29:57.010]  for them. And there are a lot of people in high demand in our industry. And so, you know,
[29:57.010 --> 30:04.250]  absolutely, you know, you can go ahead and do that. But you make that decision. Just do it with a
[30:04.250 --> 30:09.950]  clear head, I guess. Do it and understanding what you're doing. Because the last thing you
[30:09.950 --> 30:15.750]  want to do and I guess, you know, we should be pretty good at assessing risk, right? And you
[30:15.750 --> 30:21.070]  can decide how risky it is, whether you want to manage that issue or whether you don't want to
[30:21.070 --> 30:27.070]  manage it. Up to you. Just make sure you're thinking about it because it can stop you and
[30:27.070 --> 30:31.250]  it will stop you getting jobs and it could stop you getting your dream job. It could stop you
[30:31.250 --> 30:36.490]  getting the thing that you most want to do. And, you know, you don't really want it to do that.
[30:37.250 --> 30:44.430]  So, moving on to LinkedIn accounts. I've seen a couple of people with a couple of different
[30:44.430 --> 30:48.650]  LinkedIn accounts. That always looks a bit strange, especially as most of them are not
[30:48.650 --> 30:55.210]  private and they often say different things. Don't do that. Have one LinkedIn account.
[30:55.210 --> 31:02.150]  And make sure the information matches what's in your actual resume. So make sure the job title
[31:02.150 --> 31:08.310]  matches. Make sure the description matches. And if you could probably have a couple of different
[31:08.310 --> 31:13.270]  job titles, you're welcome to have one on LinkedIn and then you could have that same one on your
[31:13.270 --> 31:18.950]  resume and then in brackets, the job title that you would put that as. Because I know that some
[31:18.950 --> 31:25.830]  businesses use very generic job titles. So you can you can work within this, but make sure that
[31:25.830 --> 31:30.070]  there is a match there and it isn't going to make somebody say, I love this resume, this person looks
[31:30.070 --> 31:37.310]  great. Let me look at their LinkedIn. Oh, oh, well, that's totally different. Why is it totally
[31:37.310 --> 31:41.610]  different? That's strange. And you don't want to create that doubt because you don't know how many
[31:41.610 --> 31:46.610]  people you're up against when you're going for these jobs. And then think about the information
[31:46.610 --> 31:54.690]  that you share as well. Would your previous employer be happy about that information? Would
[31:54.690 --> 32:00.890]  your current employer be that happy with that amount of information you share? And would your
[32:00.890 --> 32:07.750]  future employer be happy about the amount of information you share on there? So just be very,
[32:07.750 --> 32:16.340]  very careful around that. Maximizing impact. Got a couple of slides on this. Very important. You've
[32:16.340 --> 32:21.260]  got the best resume in the world. You put something together. You're very happy with it. How can we
[32:21.260 --> 32:30.080]  maximize impact? First up, we're going to talk about cover letters or cover sheets. As an external
[32:30.080 --> 32:38.020]  recruitment company, we do not send out a resume unless it has a cover sheet, a one-page cover
[32:38.020 --> 32:43.800]  sheet right at the beginning. Absolutely every time. We do it because we believe it makes an
[32:43.800 --> 32:50.160]  impact on how long that hiring manager will take to look at your resume.
[32:52.660 --> 32:59.280]  And so it's a way for us to take out very much the most relevant experience in those two or
[32:59.280 --> 33:07.360]  three pages and putting it right up front. We know Mr Hiring Manager or Mrs Hiring Manager that you're
[33:07.360 --> 33:15.300]  miss hiring manager. Whatever pronoun you prefer. We know hiring manager that you are looking for
[33:16.040 --> 33:24.290]  these five skills. This person has this many years with this skill.
[33:25.390 --> 33:31.410]  They were using it in their most recent role. We pull out that information. We make it so that
[33:45.270 --> 33:50.770]  the manager looks at it and is excited by your impact. So that's how we do it. As an individual,
[33:50.770 --> 33:57.010]  you might do it a little bit differently. First off, you've got to make sure that they're specific
[33:57.010 --> 34:03.070]  and concise. The same way as you would do in your resume, you've got to do the same in your cover
[34:03.070 --> 34:09.010]  letters or cover sheets. Make sure they're specific to the job description. Don't send out
[34:09.010 --> 34:13.510]  generic cover letters. They're horrible. They really are. Don't send a cover letter. If you're
[34:13.510 --> 34:17.490]  going to send a generic one, just don't bother sending one at all. Make sure they're specific
[34:17.490 --> 34:22.630]  to the job you're applying for. Make sure they're concise. Take your relevant experience and actually
[34:22.630 --> 34:28.530]  look at the job description or the job specification and read through it and think
[34:28.530 --> 34:34.810]  about it being a question and answer. They are looking for this. What experience do I have with
[34:34.810 --> 34:39.670]  this? They are looking for this. What experience do I have with this? And think about pulling that
[34:39.670 --> 34:44.310]  kind of information out. The other things you should put on the cover letters or cover sheets
[34:44.310 --> 34:51.510]  are why you really want the position. What's exciting you about it? And then that folds
[34:51.510 --> 34:55.830]  on to why you want to work for that company. What excites you about that company? If they feel that
[34:55.830 --> 34:59.950]  you're excited about the job, you're excited about working for them, you've done a little
[34:59.950 --> 35:07.590]  bit of background on them, they're going to be excited to meet you. And then finally, if relevant,
[35:07.590 --> 35:12.110]  you may want to put why you're leaving your current position. It's really, really important
[35:12.110 --> 35:18.130]  if you're doing this, you keep it very positive. And you should always be talking as positively as
[35:18.130 --> 35:24.430]  you can about why you're leaving your current position. It's been wonderful working here,
[35:24.430 --> 35:31.130]  but they don't support going to conferences or they don't actually pay for people to do
[35:31.130 --> 35:37.770]  certifications. Something like that. They have eight days vacation time. I work really hard.
[35:37.770 --> 35:42.070]  I'm willing to work really long hours, but I would like to spend more time and see more of my family.
[35:42.110 --> 35:47.150]  Whatever it might be, if it is relevant, then you can put that in the cover letter.
[35:49.190 --> 35:55.890]  So going on to sort of other ways to maximise impact. These are the three ways that you're
[35:55.890 --> 36:00.050]  going to really do your search. So you've got to make sure you own it. Own your search.
[36:00.990 --> 36:08.110]  One way is going to be responding to adverts. The other way is going to be utilising your network.
[36:08.790 --> 36:12.950]  And then finally, and these are the big three for me,
[36:12.950 --> 36:19.010]  is recruiters. Working with internal recruiters and working with external recruiters.
[36:20.290 --> 36:24.010]  So we'll talk about adverts first of all. Call that adverts a mess.
[36:26.270 --> 36:29.150]  Adverts are a funny thing, especially for our industry.
[36:30.010 --> 36:38.030]  So let's think about this for a second. I'm going to advertise to people that work in security
[36:38.030 --> 36:47.510]  and privacy. And I'm going to expect them to send their resume, which includes their personal data,
[36:47.510 --> 36:53.150]  through an advert to get added on a database, multiple databases,
[36:54.850 --> 37:01.970]  for who knows how long that's going to be sitting there for. And then you're going to get maybe
[37:01.970 --> 37:08.770]  standardised responses. You may or may not even be contacted. And when you do get contacted,
[37:08.770 --> 37:13.910]  there's a high chance that the first person contacting you or speaking to you may know
[37:13.910 --> 37:21.070]  nothing about our industry. And maybe even working off a checklist. Do you have this?
[37:21.070 --> 37:26.450]  Do you not have this? Check, check, check, check, check, check, check. Strangely enough,
[37:26.450 --> 37:32.190]  it doesn't work very well in an industry. It's broken! I should be there. I should smash a glass
[37:32.190 --> 37:39.630]  here for effect. That would be really good. It is broken. Advertising is broken. You should not rely
[37:39.630 --> 37:47.610]  on this, no matter how great your resume is. Don't rely on responding to adverts to be the major part
[37:47.610 --> 37:53.030]  of your job search. Am I saying you shouldn't do them? No. I'm saying you can still do that,
[37:53.030 --> 37:58.170]  but it shouldn't make up the major part of that. And we'll talk about the other things that you
[37:58.170 --> 38:02.470]  are going to do. As a recruitment company, you're probably saying, hey, but Chris,
[38:02.470 --> 38:08.830]  I've seen Tyro Security. I've seen them advertise their jobs. You've got a job page on your website.
[38:09.010 --> 38:12.970]  You advertise your jobs here. You advertise your jobs here. Yes, we absolutely do.
[38:13.010 --> 38:19.270]  And I can tell you, we don't get a lot of response from them. And a lot of the response we do get
[38:19.270 --> 38:29.230]  people that are hoping to work in cyber security. And so the thing is, they haven't got any
[38:29.230 --> 38:34.150]  experience. And as a recruitment company, we get paid to find experienced people. So we don't have
[38:34.290 --> 38:39.170]  a lot we can help those people with. And actually, we've got to do a lot of delving through people
[38:39.170 --> 38:45.470]  that aren't qualified to get to the people that are. It's not really worth a whole lot of our time.
[38:45.470 --> 38:49.350]  We still do it because at the end of the day, we're putting out there and you're taking the
[38:49.350 --> 38:52.910]  time to respond to us and we want to take the time to respond to you. But really,
[38:52.910 --> 38:58.470]  we don't get a lot of benefit from advertising. The major benefit is probably from having companies
[38:58.470 --> 39:03.750]  come to us and say, oh, do you know what? I've seen you do a lot of adverts for that application
[39:03.750 --> 39:09.230]  security people or cloud security people or DevSecOps or whatever it may be. You're advertising
[39:09.430 --> 39:14.010]  a lot of jobs for that. So you probably got a lot of candidates. So I want to talk to you because
[39:14.010 --> 39:18.390]  you're a specialist in that area and I'm looking for a DevSecOps person as well.
[39:18.390 --> 39:23.250]  So we actually probably get more benefit from the client side rather than the candidate side.
[39:25.760 --> 39:34.700]  Right. Your network. Your network is going to be absolutely key. The people you know,
[39:34.700 --> 39:40.140]  what companies are your friends, do your neighbours work for? Are they recruiting
[39:40.140 --> 39:46.600]  for positions that you might be interested in? How are you networking? Are you using those?
[39:46.640 --> 39:51.320]  Think about the people you know in person. Then you think about your virtual network.
[39:51.320 --> 39:57.760]  LinkedIn is key for this. Who do you know? Who do they know? Connect with managers that you think
[39:57.760 --> 40:03.800]  may be hiring and take the time when you connect them to write a personal note. Are you involved
[40:03.800 --> 40:10.500]  with your local community? The funny thing about this is that we're not meeting up so much in
[40:10.500 --> 40:15.260]  person at the moment, right? But a lot of the communities are doing a lot of webinars and
[40:15.260 --> 40:21.320]  things like that. Certainly, my Cloud Security Alliance chapter is doing regular webinars.
[40:22.020 --> 40:27.820]  So think about getting involved with that, either just as a member or even as a volunteer. It's a
[40:27.820 --> 40:32.740]  great way to build your network and be involved. It'll be amazing to see who you might meet.
[40:32.740 --> 40:40.080]  You've got people like the Cloud Security Alliance, OWASP, ISARCA, ISSA. You've got other local
[40:40.580 --> 40:47.420]  groups as well that may just have meetups or webinars. So take a look at meetup.com.
[40:47.420 --> 40:52.560]  That might help you. If you're part of an underrepresented group,
[40:52.560 --> 41:01.560]  Cyberjutsu, the YSYS people, the Women in Security and Privacy, ICMCP, the Blacks in Cybersecurity.
[41:01.560 --> 41:08.280]  Join a group that you feel you will fit in well to, and that can be a great networking
[41:08.280 --> 41:13.880]  opportunity for you. And you can give back as well at the same time. Another thing, conferences.
[41:15.820 --> 41:19.800]  Welcome to DEF CON, right? You're attending the conference right now.
[41:20.140 --> 41:26.320]  Conferences are an amazing way to meet people that may well hire you or may be able to even help you.
[41:26.880 --> 41:32.060]  Most companies nowadays have referral schemes. They're very, very common.
[41:32.260 --> 41:37.980]  So even if you're not meeting a hiring manager, you could still be meeting somebody that could
[41:37.980 --> 41:44.220]  refer you internally. And a referral internally can help you skip a lot of the process. You'd
[41:44.220 --> 41:49.680]  be surprised. I know companies that guarantee that if you refer somebody, if somebody internally
[41:49.680 --> 41:55.080]  refers you, they will call you. You'll definitely get a call. Now, whether you'll get a full
[41:55.080 --> 41:59.100]  official interview or not, but you'll get at least a phone call. So you will hear back. They
[41:59.100 --> 42:05.680]  get back to their referrals in ways that they sometimes don't get back to their advert responses.
[42:06.260 --> 42:13.060]  So bear that in mind. The other thing to think about is speakers. I always say,
[42:13.060 --> 42:17.820]  failing to plan is planning to fail. It's one of my favourite quotes. If you're going to go
[42:17.820 --> 42:23.180]  to a conference, if you're going to attend a conference, make sure you're seeing in advance
[42:23.180 --> 42:29.340]  who you want to see talk. Could they help you in the process of you looking for a role? Do you
[42:29.340 --> 42:35.280]  want to work for that company? If it's an in-person one, be that person hanging around the stage
[42:35.280 --> 42:40.840]  afterwards and actually meet the person. If it's virtual, hopefully, like me, they'll be in a Discord
[42:40.840 --> 42:46.180]  chat and you can talk to them in there. Or you can reach out to them and say to them, I listened to
[42:46.180 --> 42:51.580]  your speech here and it was great. It was a really great presentation. I'd love to connect with you
[42:51.580 --> 42:57.000]  if you're going to connect with me via LinkedIn. And then the last thing is research and presentations.
[42:57.840 --> 43:03.340]  This is going to help your credibility hugely. It's going to be really good for your personal
[43:03.340 --> 43:10.200]  branding. It's a great, great, great way to network and it's experience that will help you
[43:10.200 --> 43:15.900]  in your career and it will really improve your resume. So get involved in doing research,
[43:15.900 --> 43:22.220]  presenting research, network and volunteer and help. These are all great ways to really
[43:22.220 --> 43:29.680]  maximise what you're going to be able to do with your resume. Right, this one.
[43:30.940 --> 43:37.280]  72% of cyber security professionals do not believe that their HR department understands
[43:37.280 --> 43:43.820]  their hiring needs. Ouch. Wow, that sounds really, really terrible. I should state here,
[43:43.820 --> 43:48.080]  I know some amazing internal recruiters. In fact, I'm going to be on a recruitment
[43:48.820 --> 43:54.180]  happy hour panel within DEF CON and some of them I've got so much respect for.
[43:54.180 --> 44:01.720]  This isn't always actually an internal recruiter's issue. Internal recruiters that spread at many
[44:01.720 --> 44:09.060]  companies very, very thinly, very thinly. And they can't get enough just cyber security,
[44:09.060 --> 44:14.500]  job JDs, job descriptions to actually just work in that area, to specialise in that area.
[44:14.500 --> 44:19.200]  Very tough. It's a tough ask. How can you ask somebody that one day could be recruiting for
[44:19.340 --> 44:23.520]  a cyber security person and the next day could be recruiting for an accountant or even recruiting
[44:23.520 --> 44:29.780]  for the same person on the same day? Really tough ask to expect them to know and understand cyber
[44:29.780 --> 44:36.340]  security, to sort of recognise what's on a resume and recognise the relationships between certain
[44:36.340 --> 44:43.820]  skills or certain tools. And so it can and it does result in people that have applied actually
[44:43.820 --> 44:49.020]  not getting through to the next stage and being overlooked despite them being really good.
[44:49.700 --> 44:55.260]  It's very tough ask for internal recruiters. So I just say don't give them too hard a time. Even
[44:55.260 --> 45:00.620]  if you've had a bad experience, internal and external recruiters, please don't give any of
[45:00.620 --> 45:08.420]  us a bad time. We try our best, right? Now, I will say this. There are, you know, your first port of
[45:08.420 --> 45:13.480]  call really should be technical hiring people when you're trying to get your resume in front of them.
[45:13.480 --> 45:17.640]  But there are some great internal recruiters. If you're working for a very, very large company as
[45:17.640 --> 45:23.880]  an internal recruiter, certain ones have people that specialise just in cyber security. So they
[45:23.880 --> 45:28.240]  do know what they're doing. And if they work for a cyber security company or a company, the majority
[45:28.240 --> 45:32.740]  of what they do is in the cyber security business, there's a good chance they're going to know and
[45:32.740 --> 45:38.620]  understand your resume. So just bear that in mind. And that stat, by the way, is from the ISRC state
[45:38.620 --> 45:43.940]  of cyber security. And it is tough. And I think it's tough because a lot of these roles stay open
[45:43.940 --> 45:50.840]  for a very long time. And people lose faith in their internal people because of that. So just
[45:50.840 --> 45:56.480]  bear in mind that don't be rude to people. Don't be rude to anybody, anybody you speak to. I've got
[45:56.720 --> 46:03.480]  a rule. It's funny. When I used to interview people to come and work for me, one of the
[46:03.480 --> 46:06.960]  first people I would speak to at the end of an interview would actually be the person that worked
[46:06.960 --> 46:12.140]  on the reception desk. I'd ask what their first impression was. How was the person to them? So
[46:12.140 --> 46:17.880]  anybody that's involved in the process, don't be rude to them. Don't talk down to people. No need
[46:17.880 --> 46:25.200]  to do that. And you'd be surprised how much of a say somebody that you may think may not have
[46:25.200 --> 46:29.920]  could have. So don't do that. And don't ignore company's process. If somebody tells you this
[46:29.920 --> 46:41.280]  is the process we go through, don't ignore it. Right. So external recruiters, us guys.
[46:41.960 --> 46:47.060]  When you're looking at external recruiters, you really want to build relationships with
[46:47.060 --> 46:52.200]  ones that specialise in cyber security. Great way of doing that, you can look at their LinkedIn,
[46:52.200 --> 46:58.680]  of course, you can see what they write, how they describe what they do.
[46:58.780 --> 47:05.520]  Another way could be looking at the company they work for. Are they advertising just cyber
[47:05.520 --> 47:09.660]  security positions? Or are they saying they're specialists? Because there's an awful lot of
[47:09.660 --> 47:14.560]  specialists in cyber security that aren't actually specialists. They're generic people
[47:14.560 --> 47:19.560]  and they work on whatever roles that their clients give them. Right. So you want to work
[47:19.560 --> 47:25.740]  with specialists. There's an easy way of doing that. They have credibility in their industry.
[47:26.000 --> 47:32.360]  They can put you in front of hiring management and they can also talk to the hiring management,
[47:32.360 --> 47:38.580]  maybe even explain in a little bit more detail and get a little bit technical as to why you are
[47:38.580 --> 47:45.640]  somebody that should get an interview. And, you know, that credibility, certainly we see our
[47:45.640 --> 47:52.560]  resumes go to the top of the pile when maybe some generic recruiters might have to go through a
[47:52.560 --> 47:57.500]  slightly different process. So, you know, part of that credibility and stuff will really help you.
[47:57.500 --> 48:03.340]  A good way to identify them as well is are they involved in the community? Are they going out and
[48:03.520 --> 48:09.240]  building a network? Do they go to these conferences? Do they go to the meetups? Do they volunteer at
[48:09.240 --> 48:15.080]  these places? Are they regularly attending these? Have you given up your personal time to
[48:15.080 --> 48:19.320]  regularly attend them? Chances are they are dedicated to the industry. So that's a good
[48:19.320 --> 48:26.560]  way to find them. They wouldn't be that hard to search for, I'm sure. They're the recruiters you
[48:26.560 --> 48:32.220]  build your relationships with, you connect with them. They'll have a network and they'll also
[48:32.220 --> 48:38.600]  give you free cyber security resume advice. They'll be able to tell you on there what you
[48:38.600 --> 48:43.280]  should maybe change. They'll be able to use that industry experience to help you during the
[48:43.280 --> 48:47.620]  interview process. And they're going to be able to really guide you through that process and
[48:48.480 --> 48:53.560]  give you a much better chance of probably getting the job you want. So, just bear that in mind.
[48:53.940 --> 49:00.460]  So, coming towards the end of the talk now. Hopefully I'm not too short and not too long.
[49:01.380 --> 49:06.760]  Looking at my watch here, hopefully I'm doing all right. So the takeaways from this.
[49:07.780 --> 49:12.720]  Let's make sure you understand, and hopefully you do at this stage, you understand why resumes
[49:12.720 --> 49:18.600]  are still so, so important and why they're worth taking the time to make sure that you get them
[49:18.600 --> 49:26.640]  right. Hopefully you also understand the common mistakes that we see and you can avoid at least
[49:26.640 --> 49:34.580]  those ones. Also, understanding that relationship of how social media fits into your resume,
[49:34.580 --> 49:36.920]  owning the risk you're going to take,
[49:38.620 --> 49:44.460]  understanding what you're doing when you post things on social media publicly and what the
[49:44.460 --> 49:51.580]  benefits might be to keeping that private. And then finally, how to get this most amazing
[49:51.580 --> 49:54.800]  resume that you're going to be able to put together. How are you going to actually be
[49:54.800 --> 50:01.000]  able to maximise it and put it out there and get it in front of the people that will make
[50:01.000 --> 50:09.350]  the decisions. So hopefully this has been useful for you. This is the end of the presentation.
[50:09.930 --> 50:15.610]  You can follow me on Twitter. I'm actually not on Twitter an awful lot. A lot of the stuff that
[50:15.610 --> 50:22.730]  I post on LinkedIn, I will also post on Twitter. LinkedIn really is, I'm a pretty big user.
[50:22.730 --> 50:27.510]  Anybody that's connected with me probably knows that already. I'm a big user of LinkedIn. So
[50:28.010 --> 50:34.510]  absolutely, connect with me, please. I get a lot of connections and I'm probably turned down maybe
[50:34.510 --> 50:40.730]  80% of what I get. So generally, if you work in the cyber security industry, I'm going to accept
[50:40.730 --> 50:45.790]  you. Please, if you can, if you wouldn't mind, just taking the time to write a little note in
[50:45.790 --> 50:51.510]  that section and tell me if you wanted to connect with me to tell me how terrible my talk was at
[50:51.510 --> 50:56.990]  DEF CON. That's fine. I'll still connect with you. We all need some constructive criticism.
[50:56.990 --> 51:01.850]  If we can keep it constructive, that would be amazing. So yeah, connect with me on LinkedIn
[51:02.570 --> 51:08.350]  and mention DEF CON if you did see it there. So look, thank you very, very much. Thank you,
[51:08.350 --> 51:14.670]  Kathleen, for the opportunity to speak. Hopefully I did okay. And those people that
[51:15.210 --> 51:20.230]  I've maybe sent to sleep, they can wake up now. At least they got a good nap. Thank you.
[51:20.950 --> 51:27.270]  Chris, thank you so much. You brought up some really great points. One thing I wanted to point
[51:27.270 --> 51:33.410]  out that a lot of people, a lot of the technical resumes that I've been reviewing in the community,
[51:33.750 --> 51:39.270]  a lot of people use templates. They believe that the templates are going to make their
[51:39.270 --> 51:45.350]  resumes look pretty. But when you use the template, it doesn't have the spell check
[51:45.350 --> 51:52.830]  or the formatting check. Primarily the spell check. So a lot of people have been using templates
[51:52.830 --> 52:02.250]  to make it look design pretty. Please, just keep it simple. Keep it something straightforward for
[52:02.250 --> 52:13.250]  everyone to be able to read. Love the advice about social media. Keep an eye that it stays out there.
[52:13.250 --> 52:21.370]  There's online reputation reports that say that HR managers and recruiters will check your social
[52:21.370 --> 52:29.270]  media before they call you in for an interview. And you might not like what they view as far as
[52:29.270 --> 52:37.410]  your social media. So be very careful about that. Also great recommendations on connecting with
[52:37.410 --> 52:44.630]  recruiters, connecting with them in various different places, socially, online, through
[52:44.630 --> 52:51.310]  conferences. Always great to be expanding your network. Chris's team is going to be part of our
[52:51.310 --> 52:59.230]  resume review team. So be sure you be sure you're signing up for resume review and get some really
[52:59.230 --> 53:04.330]  good advice on that. Chris, as always, great to have you part of this. Thank you for being part
[53:04.330 --> 53:09.210]  of DEF CON Hacking Career Village. Thank you so much. Thank you for asking me. It's been great.
